Lucene search
+L

378 matches found

bdu_fstec
bdu_fstec
added 2024/01/15 12:0 a.m.6 views

The vulnerability of the J-Web interface on Juniper Networks Junos OS-based operating systems in SRX and EX devices allows a hacker to execute arbitrary code.

The vulnerability of the J-Web interface on Juniper Networks Junos OS operating systems on SRX and EX devices is related to the ability to write beyond the buffer boundaries into memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.7AI score0.17668EPSS
Exploits1References3Affected Software1
thn
thn
added 2024/01/13 10:45 a.m.90 views

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Juniper Networks has released updates to fix a critical remote code execution RCE vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Jun...

9.8CVSS9.1AI score0.17668EPSS
Exploits1
cve
cve
added 2024/01/12 12:52 a.m.121 views

CVE-2024-21591

CVE-2024-21591 is an out-of-bounds write vulnerability in Juniper Networks Junos OS J-Web affecting SRX Series and EX Series. An unauthenticated, network-based attacker can cause a Denial of Service or Remote Code Execution and obtain root privileges on affected devices. The flaw stems from use o...

9.8CVSS9.7AI score0.17668EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2024/01/12 12:52 a.m.30 views

CVE-2024-21591 Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS, or Remote Code Execution RCE and obtain root privileges on the device. This issue is caused by use of an...

9.8CVSS7.9AI score0.17668EPSS
Exploits1References3
cvelist
cvelist
added 2024/01/12 12:52 a.m.285 views

CVE-2024-21591 Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS, or Remote Code Execution RCE and obtain root privileges on the device. This issue is caused by use of an...

9.8CVSS9.8AI score0.17668EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/01/10 12:0 a.m.5 views

PT-2024-1048 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S9 Junos OS 21.2 versions prior to 21.2R3-S7 Junos OS 21.3 versions prior to 21.3R3-S5 Junos OS 21.4 versions prior to 21.4R3-S5 Junos OS 22.1 versions prior to 22.1R3-S4 Junos OS 22.2 versions prior to...

9.8CVSS7.8AI score0.17668EPSS
Exploits1References71
nessus
nessus
added 2023/12/08 12:0 a.m.19 views

Junos J-Web Detection

Binary data junosjwebdetect.nbin...

7.3AI score
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2023/11/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-22242

A Cross-site Scripting XSS vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS...

6.1CVSS6.5AI score0.02468EPSS
Exploits0References1
cisa_kev
cisa_kev
added 2023/11/13 12:0 a.m.36 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...

5.3CVSS7.8AI score0.94205EPSS
In wildExploits4
cisa_kev
cisa_kev
added 2023/11/13 12:0 a.m.25 views

Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...

5.3CVSS7.8AI score0.84692EPSS
In wildExploits2
cisa_kev
cisa_kev
added 2023/11/13 12:0 a.m.20 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5.3CVSS7.8AI score0.01091EPSS
In wildExploits0
bdu_fstec
bdu_fstec
added 2023/10/30 12:0 a.m.8 views

The vulnerability of the J-Web interface in Juniper Networks Junos OS allows a hacker to execute arbitrary code.

The vulnerability of the J-Web interface in Juniper Networks Junos OS systems is related to the lack of authentication for critical functions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS6.7AI score0.01091EPSS
Exploits0References3Affected Software1
githubexploit
githubexploit
added 2023/10/02 6:28 a.m.348 views

Exploit for PHP External Variable Modification in Juniper Junos

CVE-2023-36845 PoC Automation Script This script provides an...

9.8CVSS9.7AI score0.93546EPSS
Exploits25
packetstorm
packetstorm
added 2023/10/02 12:0 a.m.632 views

Juniper SRX Firewall / EX Switch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...

9.8CVSS7.1AI score0.93546EPSS
Exploits27
zdt
zdt
added 2023/10/02 12:0 a.m.448 views

Juniper SRX Firewall / EX Switch Remote Code Execution Exploit

This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP...

9.8CVSS6.2AI score0.93546EPSS
Exploits27
metasploit
metasploit
added 2023/09/29 7:51 p.m.353 views

Junos OS PHPRC Environment Variable Manipulation RCE

This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...

9.8CVSS8AI score0.93546EPSS
Exploits27
osv
osv
added 2023/09/27 3:18 p.m.4 views

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5.3CVSS5.9AI score0.01091EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/09/27 3:18 p.m.35 views

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5.3CVSS6.4AI score0.01091EPSS
In wildExploits0References2Affected Software1
prion
prion
added 2023/09/27 3:18 p.m.57 views

Authentication flaw

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5CVSS6AI score0.01091EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/09/26 7:53 p.m.14 views

CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5.3CVSS6.2AI score0.01091EPSS
Exploits0References1
Rows per page
Query Builder